b085989923
Land #6266 , rsync creds scraper
2015-12-14 11:37:30 -06:00
bd8aea2618
Fix check for jenkins_java_deserialize.rb
...
This fixes the following:
* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00
5ffc80dc20
Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability
2015-12-14 10:51:59 -06:00
4e492a1b0c
Add an additional grammar change to the listener option
2015-12-13 12:04:20 -05:00
90a523fb0a
Typos inside parameters description.
2015-12-12 22:48:20 +01:00
dee23e4bda
Merge pull request #3 from jhart-r7/pr/fixup-6319
...
Cleanup redis unauth_file_upload, move redis stuff to mixin
2015-12-12 03:32:05 +00:00
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
48a27170c2
Document process better, delete correct key
2015-12-10 09:13:13 -08:00
d2f54af23f
Reset the dir and dbfilename back to their original settings
2015-12-10 08:56:24 -08:00
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
a5c6e260f2
Update hp_vsa_login_bof.rb
...
Updated reference URL to latest location
2015-12-10 10:56:39 -05:00
563be5c207
Land #6322 , another Perl IRC bot exploit
2015-12-10 09:43:07 -06:00
a945350821
Land #6307 , Perl IRC bot exploit
2015-12-10 09:42:35 -06:00
0d8fc78257
make code more clear
2015-12-10 15:13:50 +00:00
42013c18ba
add a password option - AUTH_KEY
2015-12-10 08:24:47 +00:00
28bc5b4d4f
move it from exploit to auxiliary
2015-12-10 08:23:38 +00:00
4cc7853ad8
Don't run_host unless check returns vulnerable; report_service
2015-12-09 18:33:40 -08:00
624e5aeffa
First pass at converting redis module to aux; style cleanup
2015-12-09 17:59:48 -08:00
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
39da306b1d
Land #6057 , @danilbaz's module for dumping Bitlocker master key (FVEK)
2015-12-08 18:16:39 -08:00
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
ed8076f361
Merge branch 'master' into pr/6197
2015-12-08 12:08:15 -08:00
2177b979fd
Update SessionTypes command to describe why shell is not listed
2015-12-08 12:06:47 -08:00
3890961155
Correct SEP client exclusion enumeration
2015-12-08 10:16:25 -08:00
7378e7b128
Do elog() when print_error()
2015-12-08 11:06:59 -06:00
be5f648969
manage-bde.exe path test if in System32 or sysnative
2015-12-08 16:14:13 +01:00
53acfd7ce3
Land #6303 , Add phpFileManager 0.9.8 Remote Code Execution
2015-12-07 21:13:48 -06:00
ea3c7cb35b
Minor edits
2015-12-07 21:13:14 -06:00
db788d1b7c
Land #6238 , CmdStager BOURNE_{PATH,FILE} options
2015-12-07 12:34:42 -06:00
b36834f4bc
Update legend_bot_exec.rb
2015-12-07 10:38:36 +08:00
2244f2aa43
Add Legend Perl IRC Bot Remote Code Execution
2015-12-07 10:30:28 +08:00
26c8fd8faa
Update xdh_x_exec.rb
2015-12-07 08:25:19 +08:00
9ee5498090
Update xdh_x_exec.rb
...
satisfying msftidy's request
2015-12-06 20:21:18 +08:00
10a8e98e41
Update xdh_x_exec.rb
2015-12-06 20:11:49 +08:00
14afbc6800
Update xdh_x_exec.rb
...
updated description and new author.
2015-12-06 20:10:19 +08:00
20f6cbe5ba
upload file to redis server (unauthentication)
2015-12-06 06:11:11 +00:00
ca023b6499
Simplified do_report() to comply with msftidy
2015-12-05 23:27:28 +00:00
4f1f755c1d
msftidy
2015-12-05 22:49:40 +00:00
4469e9b5ef
Finalised module
2015-12-05 22:45:08 +00:00
bd1bf4aa72
Initial test, fixed noteswq
2015-12-05 21:19:34 +00:00
09c58e4097
Massive rework of the storage/notes/reporting
2015-12-05 21:18:29 +00:00
f6417df9ba
Update enum_av_excluded to work properly under wow64
2015-12-04 17:13:43 -08:00
66ba204c11
Land #6308 , change youtube url
2015-12-04 16:31:00 -06:00
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
644c1347cd
Update payload sizes
2015-12-04 16:14:37 -06:00
ad60a4118e
Put admin and client exclusions in different tables
2015-12-04 13:01:28 -08:00
c92365090f
Simpler
2015-12-04 12:38:25 -08:00
e7d2eb6ad9
Wire in support for showing process and file extension exclusions
2015-12-04 12:35:42 -08:00
78a303974f
Handle empty exclusions better
2015-12-04 12:19:17 -08:00
81ee01a93e
Simplify exclusion extraction and printing
2015-12-04 11:42:03 -08:00
1968a76863
Simplify AV enumeration code
2015-12-04 10:27:14 -08:00
fc9d818837
change youtube url
2015-12-04 10:15:56 +01:00
faac44f257
Update xdh_x_exec.rb
2015-12-04 12:39:19 +08:00
f52e6ce65c
Update xdh_x_exec.rb
2015-12-04 11:17:16 +08:00
4955357015
Update xdh_x_exec.rb
2015-12-04 11:06:06 +08:00
4e43a90187
Add Xdh / fBot IRC Bot Remote Code Execution
2015-12-04 10:40:37 +08:00
340fe5640f
Land #6255 , @wchen-r7's module for Atlassian HipChat JIRA plugin
2015-12-03 20:01:06 -06:00
a972b33825
Fix typo
2015-12-03 20:00:37 -06:00
28ee056c32
Make enumeration of each individual AV optional
2015-12-03 16:07:49 -08:00
c007fffbce
Style cleanup
2015-12-03 15:55:12 -08:00
f8c11b9cd1
Move to multi
2015-12-03 17:49:21 -06:00
3bbc413935
Update phpfilemanager_rce.rb
2015-12-04 06:20:43 +08:00
67edf88c39
Doc
2015-12-03 14:25:01 -06:00
f33e63c16f
Support Win/Linx/Java payloads for Win/Linux platforms
2015-12-03 14:02:32 -06:00
db5c69226e
Add Usernames to Creds Database with owa_login.rb
2015-12-03 09:31:36 -07:00
28ca899914
Update phpfilemanager_rce.rb
2015-12-03 18:07:25 +08:00
83824b2902
First commit to support Windows for jira_hipchat_template
...
In Java
2015-12-03 02:39:55 -06:00
d63bb4768f
Update phpfilemanager_rce.rb
2015-12-03 14:09:02 +08:00
374b630601
Update phpfilemanager_rce.rb
2015-12-03 13:57:19 +08:00
56b810cb18
Update phpfilemanager_rce.rb
2015-12-03 12:44:41 +08:00
5414f33804
Update phpfilemanager_rce.rb
2015-12-03 12:43:47 +08:00
ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
fdbd3cfc11
Fix minor style problems, call check() from run_host
2015-12-02 15:46:35 -08:00
09cd63a70c
Land #6302 , Limesurvey File Download aux mod
2015-12-02 15:43:56 -06:00
93a4fd0ee4
Minor edits
2015-12-02 15:43:11 -06:00
581ea89f7f
fix nil error
2015-12-02 11:19:08 +01:00
f06e4f3dbd
make this module work with other languages too
2015-12-02 11:14:10 +01:00
1a4b91e33e
unzip backup file
2015-12-02 11:01:56 +01:00
15dd18dc4b
use single quotes, remove explicit nil
2015-12-02 09:36:07 +00:00
0f24ca7d13
Land #6280 , @wchen-r7's module for Oracle Beehive processEvaluation Vulnerability
2015-12-01 21:38:09 -06:00
d269be22e7
Land #6223 , @wchen-r7's module for Oracle Beehive prepareAudioToPlay exploit
2015-12-01 21:36:18 -06:00
9697ce5033
Specify arch & platform for generate_payload_exe
...
If not specified, generic payloads will fail.
2015-12-01 18:46:52 -06:00
0e21265ecc
Fix cookie parsing, typo, and unused var
2015-12-01 17:39:40 -06:00
366b92a79e
Store rsync creds as creds, not loot
2015-12-01 15:30:39 -08:00
217374d1c0
add limesurvey file download
2015-12-02 00:06:13 +01:00
bb3a3ae8eb
Land #6176 , @ganzm's fix for 64 bits windows loadlibrary payload
2015-12-01 13:18:41 -06:00
3b3b569d8e
Fix payload CacheSize for current pymet
2015-12-01 13:00:15 -05:00
bfe81db9a5
Update cached size
2015-12-01 11:45:45 -06:00
2348cb7374
Update loadlibrary for 64 bits
2015-12-01 11:41:37 -06:00
385378f338
Add reference to Rapid7 advisory
2015-12-01 11:37:27 -06:00
98a0ddebda
Land #6298 , Advantech shellshock module
2015-12-01 11:37:09 -06:00
9dbf7cb86c
Remove the SSL option (not needed)
2015-12-01 11:34:03 -06:00
758e7c7b58
Rename
2015-12-01 11:33:45 -06:00
ea2174fc95
Typo and switch from raw -> encoded
2015-12-01 10:59:12 -06:00
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
ea363dd495
priv to true
2015-12-01 10:23:36 -06:00
2621753417
priv to true
2015-12-01 10:21:56 -06:00
d5d4a4acdc
Register the correct jsp to cleanup
2015-12-01 10:21:15 -06:00
bd8177bf6c
Merge remote-tracking branch 'origin/pr/6284'
...
Land #6284 , fix for false negatives found in #6281
@wvu found some false negatives while testing a server for #6281
2015-11-30 16:09:42 -06:00
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
59bd88ff70
msftidy
2015-11-27 16:45:52 -05:00
9c016343c7
Update to logic and reliability
...
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
d2bfc4d8e0
Added reverse shell payload for Mainframe
...
This is the first and probably most useful shellcode for mainframe
platform. Standard reverse shell works just like any other platform
reverse shell.
2015-11-26 17:07:03 -06:00
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
920d8c6ad7
Land #6278 , wrong default option for RHOST
2015-11-26 06:49:25 +01:00
90fb3e0118
Land #6277 , jenkins domain cred recovery aux module
2015-11-25 22:58:43 -06:00
a7a89adfac
Land #6264 , meterpreter per-extension init string support, update payloads to 1.0.17
...
This brings in the following changes:
Changes to support maven 3.3+
Don't fall back to 0.0.0.0
Remove all debug builds from the Windows projects
Add show_mount, ps_list, and some core tweaks
Refactor TLV layout, add more debug output, token stealing
Add incognito binding, code tidies
Update packaged libs
Add transport list binding
Add transport add command to python binding
Update python core lib archive
change source perms back to non-executable
First pass of stageless initialisation script
Finalise stageless initialisation scripts
add BOOT_COMPLETED receiver that starts the Payload
Improve the implementation of the getuid command
Switch to Utils.runCommand per timwr's suggestion
Updated init script method
also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
78e306e281
s/Initialision/Initialization/
2015-11-25 22:07:25 -06:00
d984e5c781
update payload sizes
2015-11-25 22:04:52 -06:00
7dc268d601
Land #6283 , increase the amount of space needed for ms08_067
2015-11-25 19:37:25 -06:00
8fd2522a59
Land #6257 , @all3g's aux module for locating git repos over HTTP
2015-11-25 12:25:45 -08:00
a56571479f
Remove WmapScanServer mixin; not needed
2015-11-25 11:38:32 -08:00
2da9bb8578
Follow redirects in apache_userdir_enum
...
Found false negatives while testing a server for #6281 .
2015-11-25 13:27:06 -06:00
a692a5d36c
Remove Platform, this should work everywhere; correct grammar
2015-11-25 11:23:18 -08:00
e56aa96a66
Land #6281 , TARGETURI/full_uri fixes
2015-11-25 13:15:50 -06:00
8f459de064
Fix tomcat_enum for full_uri
2015-11-25 11:28:56 -06:00
38a9efe4d6
Fix squiz_matrix_user_enum for full_uri
2015-11-25 11:28:53 -06:00
35ea8c3f74
relax space needed a bit less, work with Windows XP and 2k3
2015-11-25 11:25:57 -06:00
7d17c5741b
Fix nginx_source_disclosure for full_uri
2015-11-25 11:19:27 -06:00
035882702a
Fix barracuda_directory_traversal for full_uri
2015-11-25 11:18:17 -06:00
7a5f6495d0
Fix axis_local_file_include for full_uri
2015-11-25 11:16:59 -06:00
42d12a4d40
Fix apache_userdir_enum for full_uri
2015-11-25 11:16:22 -06:00
2a89a2bc9a
increase the amount of space needed for ms08_067
2015-11-25 07:13:16 -06:00
c09d8031c6
Remove default empty string
2015-11-25 12:19:16 +05:00
f9d3652e1a
Land #6282 , deprecated module cleanup
...
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
6fbcb3d127
Land #6263 , add BisonWare BisonFTP Server Buffer Overflow
2015-11-24 22:55:15 -06:00
f57ebad0e6
Change hard tabs to spaces
2015-11-24 22:54:52 -06:00
9a7e51daec
Update bison_ftp_bof.rb
2015-11-25 11:47:21 +08:00
3d6e4068cb
Update bison_ftp_bof.rb
2015-11-25 11:17:07 +08:00
591da3c97e
Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
...
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof
Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
eac4f02b66
Spelling and correct description
2015-11-24 17:57:56 -08:00
3ad7ef9814
Modify the printed URL to add https:// when SSL is used.
2015-11-25 12:46:56 +11:00
4e2eb7ca65
Add Oracle Beehive processEvaluation Vulnerability
2015-11-24 19:17:57 -06:00
ccdf814688
Use correct URIs in report_note
2015-11-24 09:52:07 -08:00
c66d56263a
Cleaner and more consistent print_ *
2015-11-24 09:43:05 -08:00
55b3e10390
Land #6258 , smart_migrate enhancement
2015-11-24 11:30:29 -06:00
1e90a8004d
Correct printing of URIs when provided TARGETURI doesn't end with /
2015-11-24 09:11:04 -08:00
afa4d9e74d
Add legit git UserAgent
2015-11-24 08:57:19 -08:00
d59c563ee3
Don't store index file
2015-11-24 08:51:43 -08:00
e29a229336
Minor style cleanup
2015-11-24 08:50:21 -08:00
2152c310fe
Remove the default true option of RHOST
2015-11-24 14:54:54 +05:00
74e1b8d5ac
Fix res nil
2015-11-24 00:15:05 -06:00
95ca288f9d
Modify check
2015-11-23 20:33:14 -06:00
09e6a54886
In case anonymous is not allowed for decryption
2015-11-23 20:26:41 -06:00
20ba10d46c
Spaces, how dare you
2015-11-23 16:45:02 -06:00
faab28f1d6
Add Jenkins Domain Credential Discovery Auxiliary Module
2015-11-23 16:23:59 -06:00
16e6ced867
Land #6108 , OpenVPN creds scraper
2015-11-23 14:25:19 -06:00
601d4fda9f
Add note about --auth-nocache
2015-11-23 14:24:26 -06:00
718e928fe3
Control per-user config file
2015-11-23 11:11:03 -08:00
493e476a43
Land #6243 , check nil for sock.read
2015-11-23 11:15:51 -06:00
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
441fff4b7c
Update bison_ftp_bof.rb
...
Adding constant NOP
2015-11-23 06:53:12 +08:00
2dd8567741
remove GIT_HEAD / add description / git_config regex match / save index|config file(s)
2015-11-22 09:18:19 +00:00
93bb31dfa0
Make path to rsyncd configuration file configurable
2015-11-21 19:50:33 -08:00
1410d03386
Fixed msftidy capitalisation.
2015-11-22 14:32:51 +11:00
fc46ce0ced
Bring module title in line with other WP modules.
2015-11-22 13:39:45 +11:00
e0386d6830
add scan switches GIT_INDEX / GIT_HEAD / GIT_CONFIG
2015-11-21 03:06:37 +00:00
aa962f30a9
Minor style/usability cleanup
2015-11-20 13:51:31 -08:00
a96102c20a
Minor cleanup
2015-11-20 13:19:38 -08:00
c75e3c8e84
Initial commit of a post module for looting rsync credentials
2015-11-20 12:57:33 -08:00
b2d6458f50
Land #6129 , Joomla SQLi RCE
2015-11-20 14:30:23 -06:00
5592e4e4ea
seek_relative suppression (use seek instead)
2015-11-20 18:30:51 +01:00
dd027982ae
if recovery_key specified, only method that is tried
2015-11-20 18:30:50 +01:00
f49d6905a6
Fix comments by @jhart-r7
2015-11-20 18:30:50 +01:00
8f135c07aa
Remove hard coded C:\Windows and use %SYSTEMROOT%
2015-11-20 18:30:49 +01:00
7d9d74f609
msftidy...
2015-11-20 18:30:49 +01:00
c8847182d7
Add module to dump Bitlocker master key (FVEK)
2015-11-20 18:30:48 +01:00
e3bca890c1
Update bison_ftp_bof.rb
2015-11-20 23:45:15 +08:00
1dee6dca1b
Update bison_ftp_bof.rb
2015-11-20 13:37:46 +08:00
bd856322e0
Update bison_ftp_bof.rb
2015-11-20 09:58:44 +08:00
335944aa9a
Update bison_ftp_bof.rb
2015-11-20 09:38:55 +08:00
fcc7520230
Create bison_ftp_bof.rb
2015-11-20 09:07:40 +08:00
7c5d292e42
Land #6201 , chkrootkit privesc
2015-11-19 10:37:30 -06:00
f1675f9ae4
Minor enhancement to smart_migrate
...
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
1795e09a27
scan git disclosure (.git/index)
2015-11-19 09:16:32 +00:00
8d1f5849e0
Land #6228 , @m0t's module for F5 CVE-2015-3628
2015-11-18 15:39:40 -08:00
ae3d65f649
Better handling of handler creation output
2015-11-18 15:31:32 -08:00
bcdf2ce1e3
Better handling of invulnerable case; fix 401 case
2015-11-18 15:24:41 -08:00
3c72135a2f
No to_i
...
What happens here is it converts to a Fixnum, and then it converts
back to a String anway because it's in a String.
2015-11-18 15:25:18 -06:00
deec836828
scripts/handlers cannot start with numbers
2015-11-18 12:31:46 -08:00
7399b57e66
Elminate multiple sessions, better sleep handling for session waiting
2015-11-18 12:23:28 -08:00
e4bf5c66fc
Use slightly larger random script/handler names to avoid conflicts
2015-11-18 11:51:44 -08:00
e7307d1592
Make cleanup failure messages more clear
2015-11-18 11:44:34 -08:00
0e3508df30
Squash minor rubocop gripes
2015-11-18 11:05:10 -08:00
f8218f0536
Minor updates to print_ output; wire in handler_exists;
2015-11-18 11:05:10 -08:00
392803daed
Tighten up cleanup code
2015-11-18 11:05:10 -08:00
657e50bb86
Clean up module
2015-11-18 12:50:57 -06:00
c0d9c65ce7
always overwrite the payload file
2015-11-18 18:48:34 +00:00
0cda20c9e2
Fix everything pointed out by @jlee-r7
2015-11-18 12:02:28 -06:00
682a41af2e
Update description
2015-11-18 11:52:50 -06:00
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
a484b318eb
Update registry_persistence.rb
2015-11-18 16:13:18 +00:00
William Vu
wchen-r7
Spencer McIntyre
radekk
Vex Woo
dmohanty-r7
Jon Hart
karllll
nixawk
BAZIN-HSC
JT
Stuart Morgan
Christian Mehlmauer
jvazquez-r7
r3naissance
Rory McNamara
James Lee
HD Moore
Kyle Gray
Andrew Smith
Bigendian Smalls
Louis Sato
Brent Cook
Waqas Ali
aushack
sammbertram
m0t